Focus on Microsoft
SecurityFocus Microsoft Newsletter #390 Apr 16 2008 10:58PM
Rob Keith (rkeith securityfocus com)

This issue is sponsored by Blackhat

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. On the Border
2. Catch Them if You Can
II. MICROSOFT VULNERABILITY SUMMARY
1. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
2. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
3. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
4. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of Service Vulnerabilities
5. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
6. Trillian DTD File XML Parser Buffer Overflow Vulnerability
7. Symantec Altiris Deployment Solution AClient Password Disclosure Vulnerability
8. Microsoft SharePoint Server Picture Source HTML Injection Vulnerability
9. HP OpenView Network Node Manager 'ovspmd' Buffer Overflow Vulnerability
10. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
11. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
12. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
13. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
14. Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
15. Microsoft Windows GDI Stack Overflow Vulnerability
16. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
17. Microsoft Visio Object Header Remote Code Execution Vulnerability
18. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
19. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
20. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
21. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
22. Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
BugTraq ID: 28803
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28803
Summary:
ICQ is prone to a remote buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.

A remote attacker may execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects ICQ 6 build 6043; other versions may also be vulnerable.

2. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28783
Remote: Yes
Date Published: 2008-04-15
Relevant URL: http://www.securityfocus.com/bid/28783
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the vulnerable 'libclamav' library. Failed exploit attempts will likely cause denial-of-service conditions.

ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be affected.

NOTE: This BID is being retired because it is a duplicate of BID 28756.

3. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
BugTraq ID: 28775
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28775
Summary:
Nero MediaHome is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.

This issue affects Nero MediaHome 3.3.3.0. Other versions may also be affected.

4. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 28759
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28759
Summary:
XM Easy Personal FTP Server is prone to multiple remote denial-of-service vulnerabilities.

These issues allow remote attackers to crash affected FTP servers, denying service to legitimate users. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

XM Easy Personal FTP Server 5.4.0 is vulnerable; other versions may also be affected.

5. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28756
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28756
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the vulnerable 'libclamav' library. Failed exploit attempts will likely cause denial-of-service conditions.

ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be affected.

6. Trillian DTD File XML Parser Buffer Overflow Vulnerability
BugTraq ID: 28747
Remote: Yes
Date Published: 2008-04-11
Relevant URL: http://www.securityfocus.com/bid/28747
Summary:
Trillian is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

To exploit this issue, an attacker must entice an unsuspecting user to load a malicious '.dtd' file. Successfully exploiting this issue may allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will cause denial-of-service conditions.

Trillian 3.1.9.0 Basic is vulnerable; other versions may also be affected.

7. Symantec Altiris Deployment Solution AClient Password Disclosure Vulnerability
BugTraq ID: 28707
Remote: No
Date Published: 2008-04-10
Relevant URL: http://www.securityfocus.com/bid/28707
Summary:
Symantec Altiris Deployment Solution AClient is prone to a local password-disclosure vulnerability because of a design error.

Exploiting this issue may allow a local attacker to access unencrypted passwords, potentially allowing them to access the application's administrative interface in an unauthorized manner. This can facilitate a complete compromise of affected computers.

This issue affects versions prior to Altiris Deployment Solution 6.9.164.

8. Microsoft SharePoint Server Picture Source HTML Injection Vulnerability
BugTraq ID: 28706
Remote: Yes
Date Published: 2008-04-09
Relevant URL: http://www.securityfocus.com/bid/28706
Summary:
Microsoft SharePoint Server is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Note that to perform attacks, an attacker requires access to a user account with sufficient privileges to edit pages.

Exploiting this issue may allow the attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Microsoft SharePoint Server 2.0 is vulnerable; other versions may also be affected.

9. HP OpenView Network Node Manager 'ovspmd' Buffer Overflow Vulnerability
BugTraq ID: 28689
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28689
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager process. This facilitates the remote compromise of affected computers.

Network Node Manager 7.53 running on Microsoft Windows is affected by this issue; other versions and platforms may also be vulnerable.

10. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
BugTraq ID: 28667
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28667
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain potentially sensitive information from the local computer. Information obtained may aid in further attacks.

This issue affects Internet Explorer 7. Reportedly, Internet Explorer 8 is not vulnerable, but this has not been confirmed.

This issue may be related to the vulnerability discussed in BID 28581 (Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability).

11. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28662
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28662
Summary:
Tumbleweed SecureTransport is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

12. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
BugTraq ID: 28607
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28607
Summary:
Microsoft Project is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

13. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 28606
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28606
Summary:
Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

14. Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
BugTraq ID: 28571
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28571
Summary:
Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF or WMF image file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

15. Microsoft Windows GDI Stack Overflow Vulnerability
BugTraq ID: 28570
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28570
Summary:
Microsoft Windows is prone to a stack-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF image file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

16. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
BugTraq ID: 28556
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28556
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

17. Microsoft Visio Object Header Remote Code Execution Vulnerability
BugTraq ID: 28555
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28555
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

18. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
BugTraq ID: 28554
Remote: No
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28554
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

The vulnerability resides in the Windows kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.

19. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
BugTraq ID: 28553
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28553
Summary:
Microsoft Windows operating systems are prone to a vulnerability that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

20. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
BugTraq ID: 28552
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28552
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data.

Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.

21. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
BugTraq ID: 28551
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28551
Summary:
Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input.

Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary code to run with the privileges of the victim.

These versions are affected:

VBScript 5.6 and earlier
JScript 5.6 and earlier

22. Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 28454
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28454
Summary:
Autonomy KeyView module is prone to multiple stack- and heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Exploiting these issues will allow an attacker to corrupt memory and to cause denial-of-service conditions or potentially to execute arbitrary code in the context of the application using the module.

Multiple products using the KeyView module are affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------